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AMENDMENTS TO THE CLAIMS 

1. (Previously Presented) A method for a first Web service client to invoke a 
service hosted on a second Web service client on behalf of a principal in a computer 
environment, comprising the steps of: 

said principal logging in with a discovery service; 

said discovery service passing to said principal an identity assertion associated 
with said principal and a discovery service descriptor associated with said discovery 
service for use by discovery service for future authentication; 

said principal authenticating using said identity assertion and using said 
discovery service descriptor at said first Web service client, said first Web service client 
representing a desired commerce site; 

in response to an action related to said desired commerce site, said first Web 
service client requesting a first service descriptor associated with said first Web service 
and a first service assertion associated with said first Web service from said discovery 
service; 

in response to receiving said first service descriptor and said first service 
assertion, said first Web service client invoking a desired service at said first Web 
service; 

upon said first Web service determining a need to invoke a second desired 
service at a second Web service, said second Web service requesting from said first 
Web service a second service descriptor associated with said second Web service and 
a second service assertion associated with said second Web service; and 

in response to receiving said request for said second service descriptor and said 
second service assertion, said discovery service concatenating said second service 
assertion to said first service assertion and subsequently passing said first service 
assertion and said second service assertion to said second Web service via said first 
Web service; 

in response to receiving said first service assertion and second service assertion, 
said first Web service invoking said desired second service at said second Web service, 
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wherein said second Web service obtains chained assertions from said first Web 
service, wherein said first Web service obtains said chained assertions from said 
discovery service, wherein said chained assertions comprise said identity assertion and 
said discovery service descriptor sent to said discovery service by said principal. 

2. (Original) The method of Claim 1 , wherein said first Web service invokes one or 
more services hosted on one or more Web servers. 

3. (Original) The method of Claim 1, wherein said Web service client, said 
discovery service, said first Web server, and said second Web server are members of a 
federation relationship in which each member trusts said discovery service. 

4. (Original) The method of Claim 1 , wherein said service assertion is any of, but 
not limited to: 

a ticket; 
a token; 

is notarized by said discovery service; and 
is certified by said discovery service. 

5. (Previously Presented) The method of Claim 4, wherein said service assertion is 
implemented using any of, but not limited to: 

a string; 
a certificate; 
a public key; and 

discovery keys wherein the discovery service has copies of the keys. 

6. (Original) The method of Claim 1 , wherein said service descriptor comprises any 
of, but not limited to: 

a URL; 

a String; and 

a Simple Object Access Protocol (SOAP) address for Web services. 
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7. (Previously Presented) An apparatus for a first Web service provider to invoke a 
service hosted on a second Web service provider on behalf of a principal in a computer 
environment, comprising: 

means for said principal logging in with a discovery service; 

means for said discovery service passing to said principal an identity assertion 
associated with said principal and a discovery service descriptor associated with said 
discovery service for use by principal for future authentication; 

means for said principal authenticating using said identity assertion and using 
said discovery service descriptor at a Web service client, said Web service client linking 
to and representing a desired commerce site of said principal; 

in response to an action related to said desired commercial site, means for said 
Web service client requesting a first service descriptor associated with said first Web 
service and a first service assertion associated with said first Web service from said 
discovery service; 

in response to receiving said first service descriptor and said first service 
assertion, means for said Web service client invoking a desired service at said first Web 
service; 

upon said first Web service determining a need to invoke a second desired 
service at a second Web service, means for said first Web service requesting from said 
discovery service a second service descriptor associated with said second Web service 
and a second service assertion associated with said second Web service; and 

in response to receiving said request for said second service descriptor and said 
second service assertion, means for said discovery service concatenating said second 
service assertion to said first service assertion and subsequently passing said first 
service assertion and said second service descriptor to said first Web service; 

in response to receiving said first service assertion and second service 
descriptor, means for said first Web service invoking said desired second service at said 
second Web service. 



4 



Attorney Docket no. AOL0094 



Application Serial No. 10/801,406 



8. (Original) The apparatus of Claim 7, wherein said first Web service invokes one 
or more services hosted on one or more Web servers. 

9. (Original) The apparatus of Claim 7, wherein said Web service client, said 
discovery service, said first Web server, and said second Web server are members of a 
federation relationship in which each member trusts said discovery service. 

10. (Original) The apparatus of Claim 7, wherein said service assertion is any of, but 
not limited to: 

a ticket; 
a token; 

is notarized by said discovery service; and 
is certified by said discovery service. 

11. (Previously Presented) The apparatus of Claim 10, wherein said service 
assertion is implemented using any of, but not limited to: 

a string; 
a certificate; 
a public key; and 

discovery keys wherein the discovery service has copies of the keys. 

12. (Original) The apparatus of Claim 7, wherein said service descriptor comprises 
any of, but not limited to: 

a URL; 

a String; and 

a Simple Object Access Protocol (SOAP) address for Web services. 

13. (Previously Presented) A program storage medium readable by a computer, 
tangibly embodying a program of instructions executable by the computer to perform a 
method for updating address information in a computer environment, the method 
comprising the steps of: 
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said principal logging in with a discovery service; 

said discovery service passing to said principal an identity assertion associated 
with said principal and a discovery service descriptor associated with said discovery 
service for use by principal for future authentication; 

said principal authenticating using said identity assertion and using said 
discovery service descriptor at a Web service client, said Web service client linking to 
and representing a desired commerce site of said principal; 

in response to an action related to said desired commercial site, said Web 
service client requesting a first service descriptor associated with said first Web service 
and a first service assertion associated with said first Web service from said discovery 
service; 

in response to receiving said first service descriptor and said first service 
assertion, said Web service client invoking a desired service at said first Web service; 

upon said first Web service determining a need to invoke a second desired 
service at a second Web service, said first Web service requesting from said discovery 
service a second service descriptor associated with said second Web service and a 
second service assertion associated with said second Web service; and 

in response to receiving said request for said second service descriptor and said 
second service assertion, said discovery service concatenating said second service 
assertion to said first service assertion and subsequently passing said first service 
assertion and said second service descriptor to said second Web service via said first 
Web service; 

in response to receiving said first service assertion and second service 
descriptor, said first Web service invoking said desired second service at said second 
Web service. 

14. (Original) The medium of Claim 13, wherein said first Web service invokes one 
or more services hosted on one or more Web servers. 
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15. (Original) The medium of Claim 13, wherein said Web service client, said 
discovery service, said first Web server, and said second Web server are members of a 
federation relationship in which each member trusts said discovery service. 

16. (Original) The medium of Claim 13, wherein said service assertion is any of, but 
not limited to: 

a ticket; 
a token; 

is notarized by said discovery service; and 
is certified by said discovery service. 

17. (Previously Presented) The medium of Claim 16, wherein said service assertion 
is implemented using any of, but not limited to: 

a string; 
a certificate; 
a public key; 

discovery keys wherein the discovery service has copies of the keys; and 
a form of cryptography. 

18. (Original) The medium of Claim 13, wherein said service descriptor comprises 
any of, but not limited to: 

a URL; 

a String; and 

a Simple Object Access Protocol (SOAP) address for Web services. 

19. (Previously Presented) A process for a first Web service provider to invoke a 
service hosted on a second Web service provider on behalf of a principal in a computer 
environment, comprising the steps of: 

said principal logs in with a discovery service for subsequent authentication; 
in response to said log in, said discovery service passing an identity assertion 
and a discovery service descriptor to said principal; 
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said principal uses said identity assertion and said discovery service descriptor to 
access a Web commerce site with a Web service client software interface application; 

said Web service client software interface application requesting a first service 
descriptor and a first service assertion for a first desired service at a first Web server 
from said discovery service; 

in response to receiving said first service descriptor and said first service 
assertion from said discovery service, said Web service client software interface 
application invoking said first desired service at said first Web server; 

said first Web server requesting a second service descriptor and a second 
service assertion for a second desired service at a second Web server from said 
discovery service; 

on behalf of said principal, said discovery service retaining a footprint of: (1) said 
application requesting said first service descriptor and said first service assertion and 
(2) said first Web server requesting said second service descriptor and said second 
service assertion; and 

in response to receiving said second service descriptor and said second service 
assertion from said discovery service, said first Web server invoking said second 
desired service at said second Web server on behalf of said principal. 

20. (Previously Presented) An apparatus for a first Web service provider to invoke a 
service hosted on a second Web service provider on behalf of a principal in a computer 
environment, comprising: 

means for said principal logs in with a discovery service for subsequent 
authentication; 

in response to said log in, means for said discovery service passing an identity 
assertion and a discovery service descriptor to said principal; 

means for said principal using said identity assertion and said discovery service 
descriptor to access a Web commerce site with a Web service client software interface 
application; 
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means for said Web service client software interface application requesting a first 
service descriptor and a first service assertion for a first desired service at a first Web 
server from said discovery service; 

in response to receiving said first service descriptor and said first service 
assertion from said discovery service, means for said Web service client software 
interface application invoking said first desired service at said first Web server; 

means for said first Web server requesting a second service descriptor and a 
second service assertion for a second desired service at a second Web server from 
said discovery service; 

in response to receiving said second service descriptor and said second service 
assertion from said discovery service, means for said first Web server invoking said 
second desired service at said second Web server on behalf of said principal; and 

means for retaining a footprint of requested services, wherein said footprint 
contains both said first service assertion and said second service assertion. 

21. (Previously Presented) A program storage medium readable by a computer, 
tangibly embodying a program of instructions executable by the computer to perform a 
method for updating address information in a computer environment, the method 
comprising the steps of: 

said principal logs in with a discovery service for subsequent authentication; 

in response to said log in, said discovery service passing an identity assertion 
and a discovery service descriptor to said principal; 

said principal uses said identity assertion and said discovery service descriptor to 
access a Web commerce site with a Web service client software interface application; 

said Web service client software interface application requesting a first service 
descriptor and a first service assertion for a first desired service at a first Web server 
from said discovery service; 

in response to receiving said first service descriptor and said first service 
assertion from said discovery service, said Web service client software interface 
application invoking said first desired service at said first Web server; 
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said first Web server requesting a second service descriptor and a second 
service assertion for a second desired service at a second Web server from said 
discovery service; 

wherein said discovery service maintains a footprint of requested services, 
wherein said footprint contains both said first service assertion and said second service 
assertion; and 

in response to receiving said second service descriptor and said second service 
assertion from said discovery service, said first Web server invoking said second 
desired service at said second Web server on behalf of said principal. 
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